Using the Linux host Command
DNS is like a telephone book of the Internet. DNS or Domain Name Servers help you translate the web URL to their underlying IP addresses.
For humans, it is easy to remember www.google.co.uk as compared to numbers such as 126.96.36.199 which is the IP address of www.google.co.uk.
So this means that when you type www.google.co.uk in your Internet Browser such as IE, Chrome or Firefox, the ISP looks up the DNS server to find the IP address and redirects you to where www.google.co.uk actully lives.
host is a command line linux utility for performing DNS lookups. It can be used to convert names to IP addresses to domain names and vice versa. You can get its command line arguments by typing host in the terminal. Here are the options you could use with the host command:
You can specify a domain name that you want to pull information from. You can also specify an IPv4 address or an IPv6 address (colon delimited). It will perform a reverse lookup for that IP address. Here is how my website information is fetched by the simple host command:
fahadusman.com has address 188.8.131.52 fahadusman.com mail is handled by 1 fahadusman-com.mail.protection.outlook.com.
Other examples of using host commands
Finding Nameservers: A nameserver maintains a directory of domain names that match certain IP addresses. In other words, it’s where the DNS server records for your domain are stored, allowing you to decide which hosting providers controls your webspace and email.
host -t ns fahadusman.com fahadusman.com name server buck.ns.cloudflare.com. fahadusman.com name server tina.ns.cloudflare.com.
-t specifies the type of record.
ns means nameserver and then the domain name.
Find IPv4/6 address: if you want to look for IPv4 or IPv6 address you can:
host -4 fahadusman.com fahadusman.com has address 184.108.40.206 fahadusman.com mail is handled by 1 fahadusman-com.mail.protection.outlook.com. host -6 google.co.uk google.co.uk has address 220.127.116.11 google.co.uk has IPv6 address 2a00:1450:4009:81e::2003 google.co.uk mail is handled by 0 smtp.google.com.
Find MX records, a mail server responsible for accepting email messages on behalf of a recipient’s domain, and a preference value used to prioritize mail delivery if multiple mail servers are available.
host -t mx fahadusman.com fahadusman.com mail is handled by 1 fahadusman-com.mail.protection.outlook.com. host -t mx target.com target.com mail is handled by 5 smtp02.target.com. target.com mail is handled by 5 smtp01.target.com.
FTP and SSH address: some times targets do have ftp or ssh addresses as well. you can enumerate by:
host -t a ssh.target.com ssh.target.com has address 18.104.22.168
Find SOA (Start of Authority) records: Every domain must have a Start of Authority record at the cutover point where the domain is delegated from its parent domain. For example if the domain mycompany.com is delegated to DNSimple name servers, we must include an SOA record for the name mycompany.com in our authoritative DNS records. We add this record automatically for every domain that is added to DNSimple.
host -t soa target.com target.com has SOA record tezttsdcx01p.extdns.target.com. hostmaster.target.com. 2005139024 28800 3600 604800 3600
The SOA record includes the following details:
- The primary name server for the domain, which is
tezttsdcx01p.extdns.target.comor the first name server in the vanity name server list for vanity name servers.
- The responsible party for the domain, which is
- A timestamp that changes whenever you update your domain.
- The number of seconds before the zone should be refreshed.
- The number of seconds before a failed refresh should be retried.
- The upper limit in seconds before a zone is considered no longer authoritative. i.e. expiry =
- The negative result TTL (for example, how long a resolver should consider a negative result for a subdomain to be valid before retrying).
Get txt records by:
host -t txt google.com google.com descriptive text "apple-domain-verification=30afIBcvSuDV2PLX" google.com descriptive text "google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ" google.com descriptive text "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e" google.com descriptive text "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB" google.com descriptive text "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8=" google.com descriptive text "google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o" google.com descriptive text "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289" google.com descriptive text "v=spf1 include:_spf.google.com ~all" google.com descriptive text "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"